SPEC URL: https://topazus.fedorapeople.org/rpms/actor-framework.spec SRPM URL: https://topazus.fedorapeople.org/rpms/actor-framework-0.19.1-1.fc39.src.rpm Description: CAF is an open source implementation of the actor model for C++ featuring lightweight & fast actor implementations, pattern matching for messages, network transparent messaging, and more. Fedora Account System Username: topazus Reproducible: Always
Copr build: https://copr.fedorainfracloud.org/coprs/build/5897247 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2196274-actor-framework/fedora-rawhide-x86_64/05897247-actor-framework/fedora-review/review.txt Please take a look if any issues were found. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
SPEC URL: https://topazus.fedorapeople.org/rpms/actor-framework.spec SRPM URL: https://topazus.fedorapeople.org/rpms/actor-framework-0.19.1-1.fc39.src.rpm fix owner of directory
Created attachment 1963640 [details] The .spec file difference from Copr build 5897247 to 5905027
Copr build: https://copr.fedorainfracloud.org/coprs/build/5905027 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2196274-actor-framework/fedora-rawhide-x86_64/05905027-actor-framework/fedora-review/review.txt Please take a look if any issues were found. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
This isn't really relevant for the review, but a hint to save work: > # https://github.com/actor-framework/actor-framework/commit/db5fd0b2f56e4df14fe9a407f0461d1c34c42fbd > Patch0: actor-framework-fix-tools.patch I'd write this as Patch: https://github.com/actor-framework/actor-framework/commit/db5fd0b2f56e4df14fe9a407f0461d1c34c42fbd.patch This has the advantage that 'spectool -g *.spec' will just download the file without further ado. > License: BSD-3-Clause OR BSL-1.0 I think this needs to be "AND" instead. The sources are under the first license, but they are also combined with some other (header) files to form the compiled product. The result must then satisfy both licenses, i.e. is under the first and the second license. > actor-framework-tools.x86_64: W: no-manual-page-for-binary caf-run > actor-framework-tools.x86_64: W: no-manual-page-for-binary caf-vec > actor-framework-devel.x86_64: W: no-documentation > actor-framework-tools.x86_64: W: no-documentation Meh. > actor-framework.x86_64: W: crypto-policy-non-compliance-openssl /usr/lib64/libcaf_openssl.so.0.19.1 SSL_CTX_set_cipher_list This one is fairly problematic. The code does: SSL_CTX_set_cipher_list(ctx, "HIGH:!aNULL:!MD5") https://docs.fedoraproject.org/en-US/packaging-guidelines/CryptoPolicies/#_cc_applications says: > check the source code for SSL_CTX_set_cipher_list(). If it is not present then nothing needs to be done (the default is used). Otherwise, if that call is present and provided a fixed string which does not contain PSK or SRP, replace the string with "PROFILE=SYSTEM", or remove the call. > 6 packages and 0 specfiles checked; 0 errors, 5 warnings, 0 badness; has taken 1.3 s Quoting Frostyx's review service: Requires (with glibc and linker stuff removed) -------- actor-framework (rpmlib, GLIBC filtered): libcaf_core.so.0.19.1()(64bit) libcaf_io.so.0.19.1()(64bit) libcrypto.so.3()(64bit) libcrypto.so.3(OPENSSL_3.0.0)(64bit) libssl.so.3()(64bit) libssl.so.3(OPENSSL_3.0.0)(64bit) actor-framework-devel (rpmlib, GLIBC filtered): actor-framework(x86-64) cmake-filesystem(x86-64) libcaf_core.so.0.19.1()(64bit) libcaf_io.so.0.19.1()(64bit) libcaf_net.so.0.19.1()(64bit) libcaf_openssl.so.0.19.1()(64bit) actor-framework-tools (rpmlib, GLIBC filtered): actor-framework(x86-64) libcaf_core.so.0.19.1()(64bit) libcaf_io.so.0.19.1()(64bit) actor-framework-debuginfo (rpmlib, GLIBC filtered): actor-framework-debugsource (rpmlib, GLIBC filtered): Provides -------- actor-framework: actor-framework actor-framework(x86-64) libcaf_core.so.0.19.1()(64bit) libcaf_io.so.0.19.1()(64bit) libcaf_net.so.0.19.1()(64bit) libcaf_openssl.so.0.19.1()(64bit) actor-framework-devel: actor-framework-devel actor-framework-devel(x86-64) cmake(CAF) cmake(caf) actor-framework-tools: actor-framework-tools actor-framework-tools(x86-64) Looks all good. (Or even better than "good". The spec file is very clean.) + package name is OK + license is acceptable for Fedora (BSD-3-Clause) - license is specified correctly (see above) + builds and installs OK + BR/P/R look correct + no scriptlets needed or present - rpmlint finds one issue (see above)
The PR of https://github.com/actor-framework/actor-framework/pull/1411 was merged by the upstream maintainer trying to solve the warning of crypto-policy-non-compliance-openssl, and the new release 0.19.2 was published. But rpmlint tool also reported the warning with the building of the new release. ref: https://copr.fedorainfracloud.org/coprs/topazus/test-review/build/6072938/ https://download.copr.fedorainfracloud.org/results/topazus/test-review/fedora-rawhide-x86_64/06072938-actor-framework/fedora-review/review.txt
update to new release: SPEC URL: https://topazus.fedorapeople.org/rpms/actor-framework.spec SRPM URL: https://topazus.fedorapeople.org/rpms/actor-framework-0.19.2-1.fc39.src.rpm
Created attachment 1970700 [details] The .spec file difference from Copr build 5905027 to 6073691
Copr build: https://copr.fedorainfracloud.org/coprs/build/6073691 (succeeded) Review template: https://download.copr.fedorainfracloud.org/results/@fedora-review/fedora-review-2196274-actor-framework/fedora-rawhide-x86_64/06073691-actor-framework/fedora-review/review.txt Please take a look if any issues were found. --- This comment was created by the fedora-review-service https://github.com/FrostyX/fedora-review-service If you want to trigger a new Copr build, add a comment containing new Spec and SRPM URLs or [fedora-review-service-build] string.
Hello, I wonder is there any comments on the rpmlint warning of crypto-policy-non-compliance-openssl even for the latest release?